package com.watson.spring.all.security.service.old.controller;

import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author watson
 * @date 2021/5/26 19:51
 * @Description: TODO
 **/
@RestController
@RequestMapping("/test")
public class TestController {
    @GetMapping("/hello")
    public String demo() {
        return "示例返回";
    }

    @GetMapping("/index")
    public String home() {
        return "我是首页";
    }

    @GetMapping("/update")
//    @Secured({"ROLE_sale", "ROLE_manage"})
    @PreAuthorize("hasAnyAuthority('admins')")
//    @PreAuthorize("hasRole('ROLE_管理员')")
    @PostAuthorize("hasAnyAuthority('admins')")
    public String update() {
        System.out.println("post,update");
        return "权限页";
    }
}

